CVEdetails.com the ultimate security vulnerability data source

Vulnerability Details : CVE-2006-4089

Multiple buffer overflows in Andy Lo-A-Foe AlsaPlayer 0.99.76 and earlier allow remote attackers to cause a denial of service (application crash), or have other unknown impact, via (1) a long Location field sent by a web server, which triggers an overflow in the reconnect function in reader/http/http.c; (2) a long URL sent by a web server when AlsaPlayer is seeking a media file for the playlist, which triggers overflows in new_list_item and CbUpdated in interface/gtk/PlaylistWindow.cpp; and (3) a long response sent by a CDDB server, which triggers an overflow in cddb_lookup in input/ccda/cdda_engine.c.
Publish Date : 2006-08-11 Last Update Date : 2008-09-05

- CVSS Scores & Vulnerability Types

CVSS Score: 5.0
Confidentiality Impact: None (There is no impact to the confidentiality of the system.)
Integrity Impact: None (There is no impact to the integrity of the system.)
Availability Impact: Partial (There is reduced performance or interruptions in resource availability.)
Access Complexity: Low (Specialized access conditions or extenuating circumstances do not exist. Very little knowledge or skill is required to exploit.)
Authentication: Not required (Authentication is not required to exploit the vulnerability.)
Gained Access: None
Vulnerability Type(s): Denial Of Service, Overflow
CWE ID: CWE id is not defined for this vulnerability

- Products Affected By CVE-2006-4089

# Product Type Vendor Product Version Update Edition Language
1 Application Andy Lo-a-foe Alsaplayer 0.99.76

- Number Of Affected Versions By Product

Vendor Product Vulnerable Versions
Andy Lo-a-foe Alsaplayer 1

- References For CVE-2006-4089

http://secunia.com/advisories/21749
SECUNIA 21749
http://secunia.com/advisories/21639
SECUNIA 21639
http://secunia.com/advisories/22018
SECUNIA 22018
http://security.gentoo.org/glsa/glsa-200608-24.xml
GENTOO GLSA-200608-24
http://securityreason.com/securityalert/1356
SREASON 1356
http://www.debian.org/security/2006/dsa-1179
DEBIAN DSA-1179
http://www.frsirt.com/english/advisories/2006/3235
VUPEN ADV-2006-3235
http://www.novell.com/linux/security/advisories/2006_21_sr.html
SUSE SUSE-SR:2006:021
http://www.osvdb.org/27883
OSVDB 27883
http://www.osvdb.org/27884
OSVDB 27884
http://www.osvdb.org/27885
OSVDB 27885
http://xforce.iss.net/xforce/xfdb/28306
XF alsaplayer-reconnect-bo(28306)
http://xforce.iss.net/xforce/xfdb/28307
XF alsaplayer-gtkplaylist-bo(28307)
http://xforce.iss.net/xforce/xfdb/28308
XF alsaplayer-cddblookup-bo(28308)
http://www.securityfocus.com/bid/19450
BID 19450 AlsaPlayer Multiple Buffer Overflow Vulnerabilities Release Date:2006-11-16
http://www.securityfocus.com/archive/1/archive/1/442725/100/0/threaded
BUGTRAQ 20060809 Multiple buffer-overflows in AlsaPlayer 0.99.76
http://secunia.com/advisories/21422
SECUNIA 21422
http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0249.html
FULLDISC 20060809 Multiple buffer-overflows in AlsaPlayer 0.99.76
http://aluigi.altervista.org/adv/alsapbof-adv.txt

- Metasploit Modules Related To CVE-2006-4089

There are no Metasploit modules related to this vulnerability (please visit www.metasploit.com for more information).

